Vulnerabilities

CVE-2007-0478

by Fred · 24/01/2007

WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.

Date published : 2007-01-24

http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

http://www.securityfocus.com/bid/25159

Similar

Tags: Cybersecurity Alert